Detecting source code modification attacks

Security Lessons: Modified Code Attacks

Learn how to protect yourself against malicious attacks by modified source code.

Normally, when I think about intrusion detection, my thoughts go straight to solutions for things like network- and hostbased intrusion detection – in other words, the usual suspects (Snort, OSSEC, Prelude, event logging and analysis, etc.) [1] – but an often overlooked area of intrusion detection is source code modification attacks.

In the past few months, several highprofile source code modification attacks have taken place. Fortunately, two of the largest were quickly detected and dealt with, but only because pre-existing systems and processes were in place that could detect the attack and allow it to be handled.